CVE-2006-4477 - Remote File Include vulnerability in Visualshapers Ezcontents 2.0.3
Summary
Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
ID | Title | Description | Reporter | Published | Modified | Last seen | Source |
---|---|---|---|---|---|---|---|
EDB-ID:28458 | ezContents 2.0.3 - shownews.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 shownews.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28458/ |
EDB-ID:28462 | ezContents 2.0.3 - toprated.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 toprated.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28462/ |
EDB-ID:28453 | ezContents 2.0.3 - event_list.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 event_list.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28453/ |
EDB-ID:28455 | ezContents 2.0. - gallery_summary.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28455/ |
EDB-ID:28460 | ezContents 2.0.3 - review_summary.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 review_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28460/ |
EDB-ID:28461 | ezContents 2.0.3 - search.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 search.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28461/ |
EDB-ID:28457 | ezContents 2.0.3 - showlinks.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28457/ |
EDB-ID:28459 | ezContents 2.0.3 - showpoll.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showpoll.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28459/ |
EDB-ID:28454 | ezContents 2.0.3 - calendar.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 calendar.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28454/ |
EDB-ID:28456 | ezContents 2.0.3 - showguestbook.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28456/ |
References
- http://secunia.com/advisories/21703
- http://securityreason.com/securityalert/1479
- http://securitytracker.com/id?1016770
- http://www.osvdb.org/28321
- http://www.osvdb.org/28322
- http://www.osvdb.org/28323
- http://www.osvdb.org/28324
- http://www.osvdb.org/28325
- http://www.osvdb.org/28326
- http://www.osvdb.org/28327
- http://www.osvdb.org/28328
- http://www.osvdb.org/28329
- http://www.osvdb.org/28330
- http://www.osvdb.org/28331
- http://www.securityfocus.com/archive/1/444779/100/0/threaded
- http://www.securityfocus.com/bid/19776
- http://www.vupen.com/english/advisories/2006/3420
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28674